more transparent proxy and squid questions.

Doron Shmaryahu doron at home.crc.co.za
Fri Jun 13 04:25:57 PDT 2003


Hi,

You will want to make sure that you have this rule before the divert rule

allow tcp from (live ip address) to any

otherwise squid will go into a forwarding loop. You do not need
ip-transparent if you are using IPFW to do the divert. Oh yes, the headers
are from the live IP of the squid box. I know there is a way to pass the
client's IP to the remote site. Check on the squid web page regarding that.

Kind Regards

Doron Shmaryahu

-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Andrew Thomson
Sent: 13 June 2003 09:14 AM
To: freebsd-questions at freebsd.org
Subject: Re: more transparent proxy and squid questions.

oh, and does squid need to be compiled with
CONFIGURE_ARGS+= --enable-ipf-transparent
given the firewall does the divert to the squid box ??

ta,

ajt.



On Fri, Jun 13, 2003 at 05:04:38PM +1000, Andrew Thomson wrote:
> I'm not looking for help at setting this up as such, but rather a better
> understanding of what's happening to the packets in this situation.
> 
> I have a freebsd firewall/gateway box.
> 
> I then fwd the port 80 requests to the squid box on port 3128
> 
> squid then, I imagine, processes the request.. does squid then make the same
> http request with its ip as the source?
> 
> perhaps an illustration might be helpful.
> 
> wall/gwy = 192.168.1.1
> squid = 192.168.1.2
> user = 192.168.1.3
> 
> user makes an http request.
> 
> ipfw rule on wall diverts to squid:
> 
> ipfw add 50 fwd 192.168.1.2,3128 tcp from any to any 80
> 
> does squid then make the request with its ip?
> 
> thus we'd need something like,
> 
> ipfw add 45 allow tcp from 192.168.1.2 to any 80
> 
> squid updates the cache/passes the data back to the user??
> 
> thanks,
> 
> ajt.
> 
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 
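Added example, not part of the original thread: a toy Python model of first-match rule evaluation on the gateway, using the addresses and rule numbers quoted in the message above, to show why the allow rule for the squid box must be numbered before the fwd rule. Assumptions: every rule is taken to match tcp to port 80, squid re-issues each forwarded request from its own address, and rule 55 is a constructed counter-example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

CLIENT = "192.168.1.3"   # "user" in the thread
SQUID = "192.168.1.2"    # squid box in the thread

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                   # "allow" or "fwd"
    src: str                      # source address, or "any"
    fwd_to: Optional[str] = None  # only used by "fwd"

def first_match(rules: List[Rule], src: str) -> Optional[Rule]:
    """Rules are checked in ascending number order; the first match wins."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.src in ("any", src):
            return rule
    return None  # would fall to the default rule (assumed to pass here)

def trace(rules: List[Rule], max_hops: int = 5) -> Tuple[str, List[str]]:
    """Follow one port-80 request from CLIENT through the gateway rule set."""
    log, src = [], CLIENT
    for _ in range(max_hops):
        rule = first_match(rules, src)
        if rule is None or rule.action == "allow":
            label = rule.number if rule else "default"
            log.append(f"{src} -> any:80 passes (rule {label})")
            return "delivered", log
        log.append(f"{src} -> any:80 hits rule {rule.number}, fwd {rule.fwd_to}")
        src = SQUID  # squid re-issues the request with its own address as source
    return "loop", log  # squid's own traffic keeps being forwarded back to squid

FWD = Rule(50, "fwd", "any", "192.168.1.2,3128")
NO_ALLOW = [FWD]
ALLOW_AFTER = [FWD, Rule(55, "allow", SQUID)]    # constructed: allow placed too late
ALLOW_BEFORE = [Rule(45, "allow", SQUID), FWD]   # ordering from the thread

if __name__ == "__main__":
    for name, rs in [("no allow", NO_ALLOW), ("allow after fwd", ALLOW_AFTER),
                     ("allow before fwd", ALLOW_BEFORE)]:
        outcome, log = trace(rs)
        print(f"{name}: {outcome}")
        for line in log:
            print("   ", line)
```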
